Newsletter February 2016

following our last newsletter, we would like to inform you that after the merge of squat.gr and espiv.net[1], there is the possibility to choose whichever domain you wish between the two (squat.gr or espivblogs.net) when composing a hosting request to create a blog. For the time being though you cannot create squat.gr mails and mailing lists.

[Mixed content]

For some time now, the browsers have been blocking what is called “mixed content”, namely when there is http element (say a picture) on an https page, and it is a common problem on the web. To get around this problem one has to link a picture without explicitly defining the protocol (https or http), thus letting the browser/visitor choose how it is going to download and display the picture.

For example, src=”http://mysite.espivblogs.net/files/2015/10/mypicture.jpg” must become src=”//mysite.espivblogs.net/files/2015/10/mypicture.jpg” This way, when one visits http://mysite.espivblogs.net/ they will be given the .jpg with http, while when they visit https://mysite.espivblogs.net/ they will be given https. Easy!
It is our immediate goal to turn all of the blogs into https only and stop having a mixed content problem.

[Keeping public web content online]

We, the collective managing espiv.net/squat.gr, have mentioned in the past that our day-to-day operations include some house-keeping for our servers: bringing down inactive services or/and software that we cannot support. However, when it comes to the web blogs we host, it is our conviction and our suggestion that these blogs’ content stays available online , even if the groups that originally created them have disbanded. It is important to us -and we believe beneficial for the history of the radical movement aswell- that those are accessible as an archive.

[files.espiv.net as a hidden service]

The files.espiv.net service (file sharing) is also available via tor hidden service at the address z7zbg7sxhxfergpo.onion (entering via tor browser). We remind you that the access code is “espiv”. It is better to use that service when you wish to exchange large files, instead of burdening the available space on your mailbox aswell as the one of your comrades [2]. That’s even more important if you are using a mail account hosted with radical/alternative servers, where the disk quotas are limited (i.e. for espiv it’s 100mb). That way you make the administrators’ work easier (and you get rid of their nagging 😉 ).

[Service requests coming from cooperatives (legal entities)]

All the requests concerning new services are reviewed by members of our collective, according to the hosting terms that we have set: https://espiv.net/terms_of_service/ . One of the things that we request is that each mail/blog/list is not related to reasonings involving profit. We have received many times requests from entities legally founded as “workers’ cooperative”, self-managed marketplaces, or fair-trade networks and various similar projects to which we gave a negative response.

It is widely acknowledged that these projects operations does include profit, despite the different character that they might want to give to the production procedure. At espiv, we have agreed and request that the services that we freely provide not to be related to any kind of profit. This should not be considered as a holistic approach of our collective against this kind of projects. And it is not necessarily binding for the choices/opinions of each and every espiv member. On the contrary, it is the product of minimum agreements, that outlines the operation of espiv. We shall also state that it’s a collective attempt to break down the chain of money in human interactions.

[Safe use of emails]

Email security depends on the following factors:

Where emails are stored

What form they are in / who can read them

How emails travel through the internet

a)Using thunderbird or webmail doesn’t change something at this point. Do you trust the group that manages the server? The company that hosts it?

b)It is almost certain that the emails you receive are not encrypted (with GPG). In other words they travel in plaintext through the internet. This means that the admin group of the server can read them. This also means that a malicious third party that compromises the server, will be able to read the emails aswell. Are the disks of the server encrypted? If the police or the employees of the hosting company confiscate the server’s disks, will they be able to read their content? Webmail cannot add any type of security on these questions.

c)How do you connect to mailserver? Do you use encrypted connection TLS? In other words is the transport between the email client and the remote server encrypted? If not then any person in-between will be able to view your password and your emails as they are being downloaded to the email client. If you wish to use webmail you should be using HTTPS to connect to you email provider website.

At espiv we use roundcube for webmail but we encourage the users to use email clients like Thunderbird and download their emails locally on their computer. We also encourage the use of public key encryption and Tor for anonymity.

At espiv we put effort into keeping the emails that we host as secure as possible. We use full disk encryption, we manage the machines by ourselves, machines that are located in trusted places. We enforce encrypted connections with TLS is mandatory and we verify the encrypted communication between our server and other radical providers (Riseup, Autistici, aktivix, etc.). Especially when it comes to webmail, we are using different means to lock down and isolate the web application from the rest of our systems, since web applications are usually vulnerable.

[1] [https://espiv.net/2015/12/09/ta-squat-espiv-upo-koini-diaxeiristikh-omada/ ]
[2] instructions for that service:
go here https://files.espiv.net/
you will be asked for a password, you type “espiv”, click the browse button and you select your file from where you saved it.
once it has loaded, click the share button and you will be presented with a url address. Copy that and send it to your contacts.